diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index ad2e0a67..065ee6b2 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,13 +1,13 @@ { "alertmanager": "0.25.0", "blackboxExporter": "0.24.0", - "grafana": "9.5.2", + "grafana": "9.5.3", "kubeStateMetrics": "2.9.2", "nodeExporter": "1.6.0", "prometheus": "2.44.0", "prometheusAdapter": "0.10.0", - "prometheusOperator": "0.65.2", - "kubeRbacProxy": "0.14.1", + "prometheusOperator": "0.66.0", + "kubeRbacProxy": "0.14.2", "configmapReload": "0.5.0", "pyrra": "0.6.3" } diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index df64a9fe..34981e62 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,8 +18,8 @@ "subdir": "contrib/mixin" } }, - "version": "5773d94c2202c7d8e78a7b784805fcd79fe263dc", - "sum": "6zCXrAUbEtaKb3GQsUIGzwsFqQPYFKFgc9nbhweJHBY=" + "version": "5e7349b44c450a8be17e9a2961a67837cdc82bde", + "sum": "GdePvMDfLQcVhwzk/Ephi/jC27ywGObLB5t0eC0lXd4=" }, { "source": { @@ -38,7 +38,7 @@ "subdir": "grafonnet" } }, - "version": "f0b70307b8e5f12236b277883d998af129a8211f", + "version": "38f3358ccad25a53700a71e3e5b9032e12fe2023", "sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc=" }, { @@ -48,7 +48,7 @@ "subdir": "grafonnet-7.0" } }, - "version": "f0b70307b8e5f12236b277883d998af129a8211f", + "version": "38f3358ccad25a53700a71e3e5b9032e12fe2023", "sum": "gCtR9s/4D5fxU9aKXg0Bru+/njZhA0YjLjPiASc61FM=" }, { @@ -58,7 +58,7 @@ "subdir": "grafana-builder" } }, - "version": "3b08e7d37511dfd39af6027d07788a5ca8ec71b1", + "version": "48da1834254f19d592a33ccfee18159af96be6f3", "sum": "wp/L/9smcsHIiy24DH5WWMv2fcSckN2Lw/m7qDszaWU=" }, { @@ -68,8 +68,8 @@ "subdir": "" } }, - "version": "b5c70aa61342fbca60b3baa7a652b64aa80c0a9f", - "sum": "8lDLaXX8zuuWJZn6dOc9e2QNNNRdatYNaFr8h0ine8Q=" + "version": "003ba5eadfbd69817d1215952133d3ecf99fbd92", + "sum": "2ZvQR3ld4JuX0PC3IYMri/jbeW7ko3ni2Ukrz2QnG3M=" }, { "source": { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "32cc599309ee873affe345b7bc7af604c25defc6", + "version": "3d46fe0f72b6776ec89d21b0a7293e98ba37cb73", "sum": "+dOzAK+fwsFf97uZpjcjTcEJEC1H8hh/j8f5uIQK/5g=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "32cc599309ee873affe345b7bc7af604c25defc6", + "version": "3d46fe0f72b6776ec89d21b0a7293e98ba37cb73", "sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c=" }, { @@ -98,7 +98,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "bb8188bb80ff275d3e3d1f5906f9981c0218f1d4", + "version": "ed057efaf11da8411192ceab42db7c6cd8c7e919", "sum": "n3flMIzlADeyygb0uipZ4KPp2uNSjdtkrwgHjTC7Ca4=", "name": "prometheus-operator-mixin" }, @@ -109,8 +109,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "bb8188bb80ff275d3e3d1f5906f9981c0218f1d4", - "sum": "JdQ4Jk53T4ngD9D5IsInyxSXt/63npQ9OGkRZO4azT8=" + "version": "ed057efaf11da8411192ceab42db7c6cd8c7e919", + "sum": "4GvtM8IwMm38fTqnE4G8CZslf5AOzxXezmlC164vuYU=" }, { "source": { @@ -119,7 +119,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "5adc7369c838c31fcbaa7d413951a2dc01ae87ae", + "version": "90a8acd27661db09c9d9f1b4a2d4574a24466c76", "sum": "PsK+V7oETCPKu2gLoPfqY0wwPKH9TzhNj6o2xezjjXc=", "name": "alertmanager" }, @@ -130,7 +130,7 @@ "subdir": "docs/node-mixin" } }, - "version": "ff7f9d69b645cb691dd3e84dc3afc88f5c006962", + "version": "d1b634fb80653168b0cd9c8bc39b6795ab043a84", "sum": "aFUI56y6Y8EpniS4cfYqrSaHFnxeomIw4S4+Sz8yPtQ=" }, { @@ -140,8 +140,8 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "a8772a41782758e8153c494dcd207e770d8421a4", - "sum": "LRx0tbMnoE1p8KEn+i81j2YsA5Sgt3itE5Y6jBf5eOQ=", + "version": "86a7064dcfc0828a10520888a188c46731986b3c", + "sum": "WkRzFpnseUc/Ev8I2QBLxAC4vkPwLHeOGUw5QemCsMU=", "name": "prometheus" }, { @@ -151,7 +151,7 @@ "subdir": "config/crd/bases" } }, - "version": "a81d58f4f14583f93618a789c1854743e08e256a", + "version": "0fc65ce927ab0985a847a4433e7d2f4b9716cb30", "sum": "MK8+uumteRncS0hkyjocvU2vdtlGbfBRPcU0/mJnU2M=" }, { @@ -161,8 +161,8 @@ "subdir": "mixin" } }, - "version": "eea398e7efd525e9ba02ceefce0546867ff2c882", - "sum": "zSLNV/0bN4DcVKojzCqjmhfjtzTY4pDKZXqbAUzw5R0=", + "version": "b7a7522f9766ad06f53d465921c94c98b08a15da", + "sum": "EX2IUc+b27WsvIQrUldoXP5hkI6n0QI8juw45xAdA/U=", "name": "thanos-mixin" }, { diff --git a/manifests/blackboxExporter-deployment.yaml b/manifests/blackboxExporter-deployment.yaml index 2087d051..93cbae33 100644 --- a/manifests/blackboxExporter-deployment.yaml +++ b/manifests/blackboxExporter-deployment.yaml @@ -85,7 +85,7 @@ spec: - --secure-listen-address=:9115 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:19115/ - image: quay.io/brancz/kube-rbac-proxy:v0.14.1 + image: quay.io/brancz/kube-rbac-proxy:v0.14.2 name: kube-rbac-proxy ports: - containerPort: 9115 diff --git a/manifests/grafana-config.yaml b/manifests/grafana-config.yaml index 84312a36..9c491c39 100644 --- a/manifests/grafana-config.yaml +++ b/manifests/grafana-config.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-config namespace: monitoring stringData: diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index a3d015d3..ab12c33d 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-datasources namespace: monitoring stringData: diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index fa980bdc..3cd8cda6 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -600,7 +600,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-alertmanager-overview namespace: monitoring - apiVersion: v1 @@ -2361,7 +2361,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -4232,7 +4232,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -5411,7 +5411,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -6036,7 +6036,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-grafana-overview namespace: monitoring - apiVersion: v1 @@ -9113,7 +9113,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -10488,7 +10488,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-k8s-resources-multicluster namespace: monitoring - apiVersion: v1 @@ -13274,7 +13274,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -14289,7 +14289,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -16747,7 +16747,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -18760,7 +18760,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -20938,7 +20938,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -23181,7 +23181,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -24634,7 +24634,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -26359,7 +26359,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -27411,7 +27411,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -28489,7 +28489,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -29551,7 +29551,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-nodes-darwin namespace: monitoring - apiVersion: v1 @@ -30606,7 +30606,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -31182,7 +31182,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -32399,7 +32399,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -34058,7 +34058,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -35282,7 +35282,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -36542,7 +36542,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -37643,7 +37643,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -39070,7 +39070,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index 10626de3..b3af416b 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -22,6 +22,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index a3518457..06f1ec69 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana namespace: monitoring spec: @@ -18,19 +18,19 @@ spec: template: metadata: annotations: - checksum/grafana-config: f6c93c986d2c50845c10914e382be89d - checksum/grafana-dashboardproviders: d745af05a8a365888f1900debe97c976 - checksum/grafana-datasources: ce571e301f5c58c0119e126342cdf81c + checksum/grafana-config: 5c598ba58d9b65011bdbb3864138399a + checksum/grafana-dashboardproviders: c9c1743868aa1c3dab60d2c402e2dcf0 + checksum/grafana-datasources: 5ef0e6acaa5b4e8603740fbad440717d labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 spec: automountServiceAccountToken: false containers: - env: [] - image: grafana/grafana:9.5.2 + image: grafana/grafana:9.5.3 name: grafana ports: - containerPort: 3000 diff --git a/manifests/grafana-networkPolicy.yaml b/manifests/grafana-networkPolicy.yaml index 7fef158d..62cf11cd 100644 --- a/manifests/grafana-networkPolicy.yaml +++ b/manifests/grafana-networkPolicy.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-prometheusRule.yaml b/manifests/grafana-prometheusRule.yaml index 03618a71..7572cf00 100644 --- a/manifests/grafana-prometheusRule.yaml +++ b/manifests/grafana-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 prometheus: k8s role: alert-rules name: grafana-rules diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index 8baf8a16..1fad5b80 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceAccount.yaml b/manifests/grafana-serviceAccount.yaml index 1962c945..d0fa1790 100644 --- a/manifests/grafana-serviceAccount.yaml +++ b/manifests/grafana-serviceAccount.yaml @@ -6,6 +6,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana namespace: monitoring diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index 3569e656..c64ad37b 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 9.5.2 + app.kubernetes.io/version: 9.5.3 name: grafana namespace: monitoring spec: diff --git a/manifests/kubeStateMetrics-deployment.yaml b/manifests/kubeStateMetrics-deployment.yaml index 68eca57b..0e0a3ce9 100644 --- a/manifests/kubeStateMetrics-deployment.yaml +++ b/manifests/kubeStateMetrics-deployment.yaml @@ -56,7 +56,7 @@ spec: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:8081/ - image: quay.io/brancz/kube-rbac-proxy:v0.14.1 + image: quay.io/brancz/kube-rbac-proxy:v0.14.2 name: kube-rbac-proxy-main ports: - containerPort: 8443 @@ -82,7 +82,7 @@ spec: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:8082/ - image: quay.io/brancz/kube-rbac-proxy:v0.14.1 + image: quay.io/brancz/kube-rbac-proxy:v0.14.2 name: kube-rbac-proxy-self ports: - containerPort: 9443 diff --git a/manifests/kubernetesControlPlane-prometheusRule.yaml b/manifests/kubernetesControlPlane-prometheusRule.yaml index 5a5fc55e..e62b2518 100644 --- a/manifests/kubernetesControlPlane-prometheusRule.yaml +++ b/manifests/kubernetesControlPlane-prometheusRule.yaml @@ -565,7 +565,7 @@ spec: runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeaggregatedapierrors summary: Kubernetes aggregated API has reported errors. expr: | - sum by(name, namespace, cluster)(increase(aggregator_unavailable_apiservice_total[10m])) > 4 + sum by(name, namespace, cluster)(increase(aggregator_unavailable_apiservice_total{job="apiserver"}[10m])) > 4 labels: severity: warning - alert: KubeAggregatedAPIDown @@ -574,7 +574,7 @@ spec: runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeaggregatedapidown summary: Kubernetes aggregated API is down. expr: | - (1 - max by(name, namespace, cluster)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 + (1 - max by(name, namespace, cluster)(avg_over_time(aggregator_unavailable_apiservice{job="apiserver"}[10m]))) * 100 < 85 for: 5m labels: severity: warning @@ -1090,7 +1090,7 @@ spec: verb: write record: code:apiserver_request_total:increase30d - expr: | - sum by (cluster, verb, scope) (increase(apiserver_request_slo_duration_seconds_count[1h])) + sum by (cluster, verb, scope) (increase(apiserver_request_slo_duration_seconds_count{job="apiserver"}[1h])) record: cluster_verb_scope:apiserver_request_slo_duration_seconds_count:increase1h - expr: | sum by (cluster, verb, scope) (avg_over_time(cluster_verb_scope:apiserver_request_slo_duration_seconds_count:increase1h[30d]) * 24 * 30) diff --git a/manifests/nodeExporter-daemonset.yaml b/manifests/nodeExporter-daemonset.yaml index 6c1290e0..3dd55747 100644 --- a/manifests/nodeExporter-daemonset.yaml +++ b/manifests/nodeExporter-daemonset.yaml @@ -73,7 +73,7 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP - image: quay.io/brancz/kube-rbac-proxy:v0.14.1 + image: quay.io/brancz/kube-rbac-proxy:v0.14.2 name: kube-rbac-proxy ports: - containerPort: 9100 diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index 5fd4d48c..a32b0cee 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -27,6 +27,16 @@ spec: for: 10m labels: severity: critical + - alert: PrometheusSDRefreshFailure + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to refresh SD with mechanism {{$labels.mechanism}}. + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheussdrefreshfailure + summary: Failed Prometheus SD refresh. + expr: | + increase(prometheus_sd_refresh_failures_total{job="prometheus-k8s",namespace="monitoring"}[10m]) > 0 + for: 20m + labels: + severity: warning - alert: PrometheusNotificationQueueRunningFull annotations: description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} is running full. diff --git a/manifests/prometheusOperator-clusterRole.yaml b/manifests/prometheusOperator-clusterRole.yaml index f603b3fc..70270455 100644 --- a/manifests/prometheusOperator-clusterRole.yaml +++ b/manifests/prometheusOperator-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.65.2 + app.kubernetes.io/version: 0.66.0 name: prometheus-operator rules: - apiGroups: diff --git a/manifests/prometheusOperator-clusterRoleBinding.yaml b/manifests/prometheusOperator-clusterRoleBinding.yaml index 213f7707..a375f5d6 100644 --- a/manifests/prometheusOperator-clusterRoleBinding.yaml +++ b/manifests/prometheusOperator-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.65.2 + app.kubernetes.io/version: 0.66.0 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheusOperator-deployment.yaml b/manifests/prometheusOperator-deployment.yaml index be3417b7..4cf7a6d5 100644 --- a/manifests/prometheusOperator-deployment.yaml +++ b/manifests/prometheusOperator-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.65.2 + app.kubernetes.io/version: 0.66.0 name: prometheus-operator namespace: monitoring spec: @@ -23,14 +23,14 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.65.2 + app.kubernetes.io/version: 0.66.0 spec: automountServiceAccountToken: true containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.65.2 - image: quay.io/prometheus-operator/prometheus-operator:v0.65.2 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.66.0 + image: quay.io/prometheus-operator/prometheus-operator:v0.66.0 name: prometheus-operator ports: - containerPort: 8080 @@ -53,7 +53,7 @@ spec: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:8080/ - image: quay.io/brancz/kube-rbac-proxy:v0.14.1 + image: quay.io/brancz/kube-rbac-proxy:v0.14.2 name: kube-rbac-proxy ports: - containerPort: 8443 diff --git a/manifests/prometheusOperator-networkPolicy.yaml b/manifests/prometheusOperator-networkPolicy.yaml index 7d1a975a..8b7c944a 100644 --- a/manifests/prometheusOperator-networkPolicy.yaml +++ b/manifests/prometheusOperator-networkPolicy.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.65.2 + app.kubernetes.io/version: 0.66.0 name: prometheus-operator namespace: monitoring spec: diff --git a/manifests/prometheusOperator-prometheusRule.yaml b/manifests/prometheusOperator-prometheusRule.yaml index aafb5d80..5e1e9f3d 100644 --- a/manifests/prometheusOperator-prometheusRule.yaml +++ b/manifests/prometheusOperator-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.65.2 + app.kubernetes.io/version: 0.66.0 prometheus: k8s role: alert-rules name: prometheus-operator-rules diff --git a/manifests/prometheusOperator-service.yaml b/manifests/prometheusOperator-service.yaml index d30265a9..5f11f684 100644 --- a/manifests/prometheusOperator-service.yaml +++ b/manifests/prometheusOperator-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.65.2 + app.kubernetes.io/version: 0.66.0 name: prometheus-operator namespace: monitoring spec: diff --git a/manifests/prometheusOperator-serviceAccount.yaml b/manifests/prometheusOperator-serviceAccount.yaml index 6367f8e2..568e30ca 100644 --- a/manifests/prometheusOperator-serviceAccount.yaml +++ b/manifests/prometheusOperator-serviceAccount.yaml @@ -6,6 +6,6 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.65.2 + app.kubernetes.io/version: 0.66.0 name: prometheus-operator namespace: monitoring diff --git a/manifests/prometheusOperator-serviceMonitor.yaml b/manifests/prometheusOperator-serviceMonitor.yaml index 48015856..b8fb5cab 100644 --- a/manifests/prometheusOperator-serviceMonitor.yaml +++ b/manifests/prometheusOperator-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.65.2 + app.kubernetes.io/version: 0.66.0 name: prometheus-operator namespace: monitoring spec: @@ -21,4 +21,4 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.65.2 + app.kubernetes.io/version: 0.66.0 diff --git a/manifests/setup/0alertmanagerConfigCustomResourceDefinition.yaml b/manifests/setup/0alertmanagerConfigCustomResourceDefinition.yaml index 5c8b76db..97bde9e7 100644 --- a/manifests/setup/0alertmanagerConfigCustomResourceDefinition.yaml +++ b/manifests/setup/0alertmanagerConfigCustomResourceDefinition.yaml @@ -2065,7 +2065,7 @@ spec: description: Configures AWS's Signature Verification 4 signing process to sign requests. properties: accessKey: - description: AccessKey is the AWS API key. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used. + description: AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -2090,7 +2090,7 @@ spec: description: RoleArn is the named AWS profile used to authenticate. type: string secretKey: - description: SecretKey is the AWS API secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used. + description: SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. properties: key: description: The key of the secret to select from. Must be a valid secret key. diff --git a/manifests/setup/0alertmanagerCustomResourceDefinition.yaml b/manifests/setup/0alertmanagerCustomResourceDefinition.yaml index e334639f..f800bebf 100644 --- a/manifests/setup/0alertmanagerCustomResourceDefinition.yaml +++ b/manifests/setup/0alertmanagerCustomResourceDefinition.yaml @@ -929,6 +929,72 @@ spec: - key type: object x-kubernetes-map-type: atomic + smtp: + description: Configures global SMTP parameters. + properties: + authIdentity: + description: SMTP Auth using PLAIN + type: string + authPassword: + description: SMTP Auth using LOGIN and PLAIN. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: SMTP Auth using CRAM-MD5. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: SMTP Auth using CRAM-MD5, LOGIN and PLAIN. If empty, Alertmanager doesn't authenticate to the SMTP server. + type: string + from: + description: The default SMTP From header field. + type: string + hello: + description: The default hostname to identify to the SMTP server. + type: string + requireTLS: + description: The default SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + smartHost: + description: The default SMTP smarthost used for sending emails. + properties: + host: + description: Defines the host's address, it can be a DNS name or a literal IP address. + minLength: 1 + type: string + port: + description: Defines the host's port, it can be a literal port number or a port name. + minLength: 1 + type: string + required: + - host + - port + type: object + type: object type: object name: description: The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration. It must be defined in the same namespace as the Alertmanager object. The operator will not enforce a `namespace` label for routes and inhibition rules. @@ -974,6 +1040,9 @@ spec: type: object type: array type: object + automountServiceAccountToken: + description: 'AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials.' + type: boolean baseImage: description: 'Base image that is used to deploy pods, without tag. Deprecated: use ''image'' instead' type: string @@ -2892,10 +2961,10 @@ spec: description: Storage is the definition of how storage will be used by the Alertmanager instances. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + description: '*Deprecated: subPath usage will be removed in a future release.*' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + description: 'EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: description: 'medium represents what type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' @@ -2909,7 +2978,7 @@ spec: x-kubernetes-int-or-string: true type: object ephemeral: - description: 'EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' + description: 'EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' properties: volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." @@ -3044,7 +3113,7 @@ spec: type: object type: object volumeClaimTemplate: - description: A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes. + description: Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' @@ -3070,7 +3139,7 @@ spec: type: string type: object spec: - description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' @@ -3192,7 +3261,7 @@ spec: type: string type: object status: - description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: '*Deprecated: this field is never set.*' properties: accessModes: description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' diff --git a/manifests/setup/0prometheusCustomResourceDefinition.yaml b/manifests/setup/0prometheusCustomResourceDefinition.yaml index 7cbc6457..d48961ea 100644 --- a/manifests/setup/0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/0prometheusCustomResourceDefinition.yaml @@ -62,7 +62,7 @@ spec: description: 'Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: additionalAlertManagerConfigs: - description: 'AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.' + description: "AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: \n https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config \n The user is responsible for making sure that the configurations are valid \n Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade." properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -78,7 +78,7 @@ spec: type: object x-kubernetes-map-type: atomic additionalAlertRelabelConfigs: - description: 'AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.' + description: "AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: \n https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs \n The user is responsible for making sure that the configurations are valid \n Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade." properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -94,7 +94,7 @@ spec: type: object x-kubernetes-map-type: atomic additionalArgs: - description: AdditionalArgs allows setting additional arguments for the Prometheus container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged. + description: "AdditionalArgs allows setting additional arguments for the 'prometheus' container. \n It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. \n In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged." items: description: Argument as part of the AdditionalArgs list. properties: @@ -126,7 +126,7 @@ spec: type: object x-kubernetes-map-type: atomic affinity: - description: If specified, the pod's scheduling constraints. + description: Defines the Pods' affinity scheduling rules if specified. properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. @@ -598,7 +598,7 @@ spec: type: object type: object alerting: - description: Define details regarding alerting. + description: Defines the settings related to Alertmanager. properties: alertmanagers: description: AlertmanagerEndpoints Prometheus should fire alerts against. @@ -812,10 +812,10 @@ spec: - alertmanagers type: object allowOverlappingBlocks: - description: AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release. + description: "AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. \n *Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.*" type: boolean apiserverConfig: - description: APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + description: 'APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod''s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.' properties: authorization: description: Authorization section for accessing apiserver @@ -999,13 +999,13 @@ spec: - host type: object arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files. + description: When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a malicious target can get access to the Prometheus service account's token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack. Users should instead provide the credentials using the `spec.bearerTokenSecret` field. properties: deny: type: boolean type: object baseImage: - description: 'Base image to use for a Prometheus deployment. Deprecated: use ''image'' instead' + description: '*Deprecated: use ''spec.image'' instead.*' type: string configMaps: description: ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container. @@ -1013,7 +1013,7 @@ spec: type: string type: array containers: - description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: "Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. \n The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` \n Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." items: description: A single application container that you want to run within a pod. properties: @@ -1831,53 +1831,53 @@ spec: type: object type: array disableCompaction: - description: Disable prometheus compaction. + description: When true, the Prometheus compaction is disabled. type: boolean enableAdminAPI: - description: 'Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + description: "Enables access to the Prometheus web admin API. \n WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. \n For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis" type: boolean enableFeatures: - description: Enable access to Prometheus disabled features. By default, no features are enabled. Enabling disabled features is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/ + description: "Enable access to Prometheus feature flags. By default, no features are enabled. \n Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. \n For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" items: type: string type: array enableRemoteWriteReceiver: - description: 'Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. Defaults to the value of `false`. WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver Only valid in Prometheus versions 2.33.0 and newer.' + description: "Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. \n WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver \n It requires Prometheus >= v2.33.0." type: boolean enforcedBodySizeLimit: - description: 'EnforcedBodySizeLimit defines the maximum size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. Example: 100MB. If defined, the limit will apply to all service/pod monitors and probes. This is an experimental feature, this behaviour could change or be removed in the future. Only valid in Prometheus versions 2.28.0 and newer.' + description: "When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. \n It requires Prometheus >= v2.28.0." pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string enforcedLabelLimit: - description: Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + description: "When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedLabelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedLabelValueLengthLimit: - description: Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedNamespaceLabel: - description: "EnforcedNamespaceLabel If set, a label will be added to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` and `Probe` objects) and 2. in all `PrometheusRule` objects (except the ones excluded in `prometheusRulesExcludedFromEnforce`) to * alerting & recording rules and * the metrics used in their expressions (`expr`). \n Label name is this field's value. Label value is the namespace of the created object (mentioned above)." + description: "When not empty, a label will be added to \n 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. \n The label will not added for objects referenced in `spec.excludedFromEnforcement`. \n The label's name is this field's value. The label's value is the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe` or `PrometheusRule` object." type: string enforcedSampleLimit: - description: EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. + description: "When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.sampleLimit` is greater than zero and less than than `spec.enforcedSampleLimit`. \n It is meant to be used by admins to keep the overall number of samples/series under a desired limit." format: int64 type: integer enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced. + description: "When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. \n It is meant to be used by admins to to keep the overall number of targets under a desired limit." format: int64 type: integer evaluationInterval: default: 30s - description: 'Interval between consecutive evaluations. Default: `30s`' + description: 'Interval between rule evaluations. Default: "30s"' pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string excludedFromEnforcement: - description: List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true. + description: "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. \n It is only applicable if `spec.enforcedNamespaceLabel` set to true." items: description: ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object. properties: @@ -1888,7 +1888,7 @@ spec: - monitoring.coreos.com type: string name: - description: Name of the referent. When not set, all resources are matched. + description: Name of the referent. When not set, all resources in the namespace are matched. type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' @@ -1908,7 +1908,7 @@ spec: type: object type: array exemplars: - description: Exemplars related settings that are runtime reloadable. It requires to enable the exemplar storage feature to be effective. + description: Exemplars related settings that are runtime reloadable. It requires to enable the `exemplar-storage` feature flag to be effective. properties: maxSize: description: Maximum number of exemplars stored in memory for all series. If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage. @@ -1918,13 +1918,13 @@ spec: externalLabels: additionalProperties: type: string - description: The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). + description: The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` take precedence over this list. type: object externalUrl: - description: The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name. + description: The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource). type: string hostAliases: - description: Pods' hostAliases configuration + description: Optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. items: description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. properties: @@ -1945,13 +1945,13 @@ spec: - ip x-kubernetes-list-type: map hostNetwork: - description: Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it. When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically. + description: "Use the host's network namespace if true. \n Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). \n When hostNetwork is enabled, this will set the DNS policy to `ClusterFirstWithHostNet` automatically." type: boolean ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from all PodMonitor, ServiceMonitor and Probe objects. They will only discover endpoints within the namespace of the PodMonitor, ServiceMonitor and Probe objects. Defaults to false. + description: When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe objec. type: boolean image: - description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured. + description: "Container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. \n Specifying `spec.version` is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured. \n If neither `spec.image` nor `spec.baseImage` are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released." type: string imagePullPolicy: description: Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. @@ -1962,7 +1962,7 @@ spec: - IfNotPresent type: string imagePullSecrets: - description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + description: An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod items: description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: @@ -1973,7 +1973,7 @@ spec: x-kubernetes-map-type: atomic type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: "InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. \n The names of init container name managed by the operator are: * `init-config-reloader`. \n Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." items: description: A single application container that you want to run within a pod. properties: @@ -2791,17 +2791,17 @@ spec: type: object type: array listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. + description: When true, the Prometheus server listens on the loopback address instead of the Pod IP's address. type: boolean logFormat: - description: Log format for Prometheus to be configured with. + description: Log format for Log level for Prometheus and the config-reloader sidecar. enum: - "" - logfmt - json type: string logLevel: - description: Log level for Prometheus to be configured with. + description: Log level for Prometheus and the config-reloader sidecar. enum: - "" - debug @@ -2810,13 +2810,13 @@ spec: - error type: string minReadySeconds: - description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. + description: "Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) \n This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate." format: int32 type: integer nodeSelector: additionalProperties: type: string - description: Define which Nodes the Pods are scheduled on. + description: Defines on which Nodes the Pods are scheduled. type: object overrideHonorLabels: description: When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to "exported_